W2K Event Log problems

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

Hi All,

Seems something is causing probs in the Application Log within the Event Logs. As you'll see, it's obviously a Group Policy issue.

The following two errors appear repeatedly, until I receive the "Application Log is Full" error - roughly every 3-4 days. I have been working on Group Policies recently, but have deleted all the GPOs I created after I was done.

Do these errors shed any light to anyone ?


Event Type: Warning
Event Source: SceCli
Event Category: None
Event ID: 1202
Date: 07/12/2003
Time: 19:58:10
User: N/A
Computer: SERVER1
Description:
Security policies are propagated with warning. 0x534 : No mapping between account names and security IDs was done.
Please look for more details in TroubleShooting section in Security Help.

-----------------------------------------------------------------------

Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1000
Date: 07/12/2003
Time: 19:53:05
User: NT AUTHORITY\SYSTEM
Computer: SERVER1
Description:
The Group Policy client-side extension Security was passed flags (17) and returned a failure status code of (1332).

These are repeated time and again (no others) till the App Log is full.

Thanks in advance.

 

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

Hi Jako

Regarding the first Error that you posted, I had the exact same massage a while back and if i remember rightly they happen even 10 mins.. Unfortunately, For the life of me I cant remember what I did to rectify the problem, I will endevour to rattle the old brain cells a little more and see if i can remember

 

Gav,

A quick search found this here

 

Thanks for the quick answer, D -

Just wondering out loud - if even the Default Domain GPOs are still in place, but no other machines are running in the Domain (they're normally only fired up on my "designated study days", and even then, only as needed), would that mean that the GPO has nowhere to propagate to, so no mappings could be made ?

Sorry, but I'm obviously deep in un-charted territory here, so wild guessing ain't gonna harm me now - no harm in asking.

 

thats the one phil, You hit the nail on the head there, and jogged my memory too. I remember now that i had deleted a couple of test accounts in AD and thats when the massages started.

 

@Phil - Woops - we obviously posted at the same time there

Thanks for that - I'll try and get a look for it later. I had been doing a lot of creating Users, Groups,OUs etc, then moving them between OUs, so sounds like you're onto the case, yet again, Mr Super-Phil :P

 

Now, that I like the sound of ..... :P

 

It's a virtual thing

 

I've looked through Explorer, and get as far as %systemroot%\security\logs, but I don't have a winlogon.log file

Any more ideas ? It's obviously related to the tinkering around I've been doing with AD (as per the 218 book), but short of deleting all Users and Groups I've created during the process, am I going to keep getting this problem ?

 

The errors seem to relate to users you have created, assigned permissions to with a group policy then deleted the user. Have you created a lot of GPO's ? If you don't have hundreds you could have a look for deleted users in the GPO's you do have. The theory is remove the users from the policy and the errors will stop.

 

I've kind of done it the other way around, Phil - I have a whole bunch of Users and a few Groups I've created, all of whom have been moved around between groups and OUs.

The GPOs I've been working with (ie Default Domain GPO, and 2 others I created) have been variously applied, blocked and "No Override"ed all over the place (got to learn somehow)

Finally, the two I created, I then deleted. None of the original Users or Group objects were changed, other than getting moved from OU to OU.

So why don't I have the winlogon.log file - would it be under the different Users' profiles ?

Thanks for taking the time, mate

 

Have you tried searching the hard drive for the Winlogon.log file?

I know it's a stupid question, but we all have our blonde days

 

I looked a bit further and found another page here. This bit tells you how to turn on logging to winlogon

 

For the full Microsoft take on the problem Microsoft Knowledge Base Article - 324383

 

Yup, did that, and it did find a WINLOGON file, but not readable with Notepad.

Will try that next, but not tonight, as I'm too scared.

Thanks again for the help, Guys - much appreciated. Will keep you informed.

 

OK, so I got brave - changed the Registry, and am now checking winlogon.log.

This could run all night

 

Hey, I'm here for ya buddy

 

Dammit - the 1332 error is pointing to some SIDs in the Power Users group, which hasn't existed on this machine since I installed AD.

So if I can't access the Power Users group, then how can I delete the Members :?:

OK - too much for one brain for one night - I'm outta here.

 

Last word - the App log is still filling up.

Right I'm gone for tonight. Thanks again.

 

Gav,

If you haven't got it already, download the Group Policy Management Console. It might help track down the rogue GPO. It is a tool introduced alongside 2003 but compatible with 2000. Makes managing Group policy almost a pleasure and has turned cataloging our GPO structure at work from a nightmare into a breeze.